In the introduction to this series, we acknowledged that it can be difficult at times to understand which tool to use when trying to work with metrics, especially when there is some overlap.

In this first part, we will start by exploring Log Analytics.

Overview

To give you a quick high-level overview of Azure Log Analytics, it’s capable of collecting log data from multiple sources, including (but not limited to):

Azure Active Directory (AAD)

Azure Activity

Diagnostics

Applications

Security

Storage

Note: You may see/notice in the latest Microsoft documentation, that they are using “Azure Monitor logs” instead of “Log Analytics”. We will use this latest term for the remainder of this series.

Where do logs come from?

Different sources of data for Azure Monitor will write to either a Log Analytics workspace (Logs) or the Azure Monitor metrics database (Metrics) or both. Some sources will write directly to these data stores, while others may write to another location such as Azure storage and require some configuration to populate logs or metrics.

Azure Monitor Logs can collect log data from a variety of sources both within Azure and from on-premises resources. For the most updated list of available sources, check out the following documentation: Sources of Azure Monitor Logs.

Azure Monitor Log (aka Log Analytics)

In Azure Monitor Logs, when you first set up a Workspace, you need to configure what performance metrics you will collect. By default, there is a list of common performance counters that you can enable out-of-the-box. These include disk, Memory, CPU, and Networking metrics.

Azure Monitor Logs – Common Windows Perf Counters

In Azure Monitor Logs you can also add additional counters, just by adding them from the list.

Azure Monitor Logs – Common Counters

The Counters

So, understanding some of the basics about Azure Monitor Logs, what are the actual counters that are available natively by default. Well, remember you still first need to add the performance counters (they’re not “turned on” by default). But, here’s what’s currently available, grouped by category: